The Same Russians Who Hacked Clinton Are Targeting Biden

Uploaded on 2020-10-12 in TECHNOLOGY--Hackers, GOVERNMENT-National, FREE TO VIEW

Microsoft says that the same group of cyber criminals from Russia that attempted to interfere in the 2016 US election are trying to break into email accounts belonging to staff members from across the political spectrum.

Other hackers from China and Iran are also attempting to spy on the presidential campaigns of Donald Trump and Joe Biden, according to Microsoft. 

The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recently warned that foreign groups and other malicious actors online are spreading disinformation around potential cyber attacks on US election infrastructure.  “During the 2020 election season, foreign actors and cyber criminals are spreading false and inconsistent information through various online platforms in an attempt to manipulate public opinion, discredit the electoral process, and undermine confidence in US democratic institutions,” the agencies wrote 

Officials with the Department of Homeland Security and US intelligence have been saying for years that Russia and other nations will try to use hacking and disinformation to undermine the 2020 contest. This would be similar to the last presidential race, when they leaked reams of embarrassing information about Democratic nominee Hillary Clinton in an effort to help Donald Trump.  Then the agencies warned that US voter information is widely available through other avenues than illegal hacking, and that access to voter information had not impacted election results. 

Hackers targeted staff at Washington DC firm SKDKnickerbocker, a campaign strategy and communications firm working with Biden. ​Microsoft identified the suspected hacking group as the same set of spies blamed by the US government for breaking into the campaign of Democratic former presidential candidate Hillary Clinton and leaking the emails of her staff, two of the sources said. 

The group, which many researchers refer to as “Fancy Bear,” is controlled by the Russia’s military intelligence agency, according to reports from the US intelligence community released after the 2016 election. A person familiar with SKDK’s response to the attempts said the hackers failed to gain access to the firm’s networks. “They are well-defended, so there has been no breach,” the person said.

US intelligence agencies have raised alarms about possible efforts by foreign governments to interfere in the November presidential election.

Investigations by former special counsel Robert Mueller and the Senate intelligence committee both concluded that affiliates of the Russian government interfered in the 2016 presidential election to try to help Republican Donald Trump get elected. Mueller has warned that Russia was meddling in the current campaign. The Biden campaign said it was aware Microsoft said

One of the sources familiar with the incident told the Washington Post  that it was not clear whether Biden’s campaign was the target or whether the hackers were attempting to gain access to information about other SKDK clients. 

The attempts to infiltrate SKDK were recently flagged to the campaign firm by Microsoft, which identified hackers tied to the Russian government as the likely culprits, according to the three sources briefed on the matter. The attacks included phishing, a hacking method which seeks to trick users into disclosing passwords, as well as other efforts to infiltrate SKDK’s network, the three sources said.

Microsoft believes Fancy Bear is behind the attacks based on an analysis of the group’s hacking techniques and network infrastructure, one of the sources said.

The company, which has extraordinary visibility on digital threats via its widely used Windows operating system and cloud services has taken an increasingly active role in calling out state-backed cyber espionage. In 2018, the company launched its Defending Democracy initiative, aimed in part at safeguarding campaigns from hackers.

It is thought that Iran tried to hack into Gmail accounts used by President Trump’s reelection campaign staff  and that  China, has tried to hack staff for former vice president Joe Biden, Democratic presidential candidate.

These nation state-backed hacking campaigns are likely to be the just the beginning of a general election campaign that will be ripe for disruption by US adversaries.  The kinds of disinformation campaigns being pushed heavily by bots take a variety of forms, including false information about voting logistics like date, place, or fake voting requirements.

Reuters:       Washington Post:       NPR:      Sky:     The Hill:         TechRepublic

You Might Also Read:

US Electoral Infrastructure Is Wide Open To Hackers:

 

« Cambridge Analytica Did Not Influence The Brexit Referendum
Struggling With The Cyber Security Skills Shortage »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

rPeople Staffing

rPeople Staffing

rPeople provides direct placement in all areas of your organization, including and specializing in Technical and Executive hiring.

Becrypt

Becrypt

Becrypt is a trusted provider of endpoint cybersecurity software solutions. We help the most security conscious organisations to protect their customer, employee and intellectual property data.

Wall Street Technology Association (WSTA)

Wall Street Technology Association (WSTA)

The Wall Street Technology Association (WSTA) provides financial industry technology professionals with forums to learn from and connect with each other.

Civica

Civica

Civica provides cloud-based managed IT services, hosting and outsourcing.

MyCERT

MyCERT

MyCERT is the National Computer Emergency Response Team of Malaysia.

StickyMinds

StickyMinds

StickyMinds is the web's first interactive testing community exclusively engaged in improving software quality throughout the software development lifecycle.

LEXFO

LEXFO

LEXFO specializes in the security of information systems, assisting clients in protecting information assets using an offensive and innovative approach.

Cybersecurity Association of Maryland (CAMI)

Cybersecurity Association of Maryland (CAMI)

CAMI’s mission is to create a global cybersecurity marketplace in Maryland and generate thousands of high-pay jobs through the cybersecurity industry.

Trustelem

Trustelem

Trustelem offers European and global companies a ready-to-use access management service that respects the principles of sovereignty, territoriality and privacy.

C5 Capital

C5 Capital

C5 Capital is a specialist investment firm that exclusively invests in the secure data ecosystem including cybersecurity, cloud infrastructure, data analytics and space.

Billington CyberSecurity

Billington CyberSecurity

Billington CyberSecurity is a leading, independent education company with an exclusive focus on cybersecurity.

Bedrock Systems

Bedrock Systems

BedRock Systems is on a mission to deliver a trusted computing base from edge to cloud, where safety and security isn’t just a perception, it’s a formally proven reality.

8com

8com

8com is an established Managed Security Service Provider (MSSP) with over 75 employees and customers in over 40 countries.

Siren

Siren

Siren provides the leading Investigative Intelligence Platform to some of the world’s leading Law Enforcement, National Security and Cyber threat investigators.

Neo Auth

Neo Auth

Neo Auth is an identity and access management solution to help organizations optimize their cybersecurity processes.

Soteria Communications

Soteria Communications

Soteria Communications supports clients to prepare for and manage crises, with a focus on cyber incidents.